VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2021 · Updated Aug 3, 2024

CVE-2021-20132

Description

Quagga services on D-Link DIR-2640 firmware versions less than or equal to 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both services run with root privileges on the router (i.e., as the "admin" user, UID 0).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

D-Link DIR-2640 routers running firmware 1.11B02 or earlier use default hard-coded credentials for Quagga services, allowing remote attackers to gain root access.

Vulnerability

The D-Link DIR-2640 router with firmware version 1.11B02 or earlier enables Quagga network configuration services by default, specifically zebra on TCP port 2601 and ripd on TCP port 2602. These services use default hard-coded credentials for both CLI access and privilege escalation via the enable command [1]. The credentials are easily discoverable.

Exploitation

An attacker with network access to the router (adjacent network) can connect to the Quagga services on ports 2601 or 2602 and log in using the default credentials. Then, by issuing the enable command with the same default password, the attacker gains administrative privileges within the service [1].

Impact

Successful exploitation allows the attacker to obtain complete control of the Quagga services, which run with root privileges (UID 0). This effectively grants root-level access to the router, enabling full compromise of confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2021-12-30), no fix has been released; the latest firmware (1.11B02) still contains the vulnerability. Users should monitor D-Link for firmware updates. Until a patch is available, consider disabling the Quagga services if not needed, or restrict network access to the affected ports [1].
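An added example, not part of the advisory or any D-Link tooling: a check to run from each network segment that should no longer reach the router, confirming that the zebra (2601) and ripd (2602) ports named above are closed or filtered once the mitigation is in place. The address `192.0.2.1` is a placeholder and the function names are illustrative.

```python
import socket
import sys

# Quagga vty ports named in the advisory: zebra on 2601, ripd on 2602.
QUAGGA_PORTS = {2601: "zebra", 2602: "ripd"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from this vantage point.

    'open'     - handshake completed: the service is still reachable
    'closed'   - connection refused: nothing is listening (service disabled)
    'filtered' - no answer or unreachable: traffic is dropped on the path
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"  # connect only; no data is sent to the service
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"


def audit(host, ports=QUAGGA_PORTS, timeout=2.0):
    """Return {service name: state} for every port in `ports`."""
    return {name: probe(host, port, timeout) for port, name in ports.items()}


def exposed(result):
    """Names of the services that are still reachable."""
    return sorted(name for name, state in result.items() if state == "open")


if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); pass the router's address instead.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    states = audit(router)
    for service, state in sorted(states.items()):
        print(f"{router} {service}: {state}")
    # Non-zero exit when a port is still reachable, for use in scheduled checks.
    sys.exit(1 if exposed(states) else 0)
```

A `closed` result is what disabling the service produces, while `filtered` is what an access restriction in front of the router produces; `open` from any untrusted segment means the mitigation is not effective there.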

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • D-Link/DIR-2640 (description)
  • Dlink/DIR-2640 (llm-fuzzy)
    Range: <=1.11B02

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
